morlandi / django-ajax-datatable

A Django app which provides the integration of a Django project with the jQuery Javascript library DataTables.net
MIT License
208 stars, 64 forks

issue with CSRF token #4

Closed samerda75 closed 3 years ago

samerda75 commented 3 years ago

I am using Django with the library, but I am always getting this error: Forbidden (CSRF token missing or incorrect.)

I have tried to include the token within AjaxDatatableViewUtils.initialize_table but failed to do so. Can you please advise? I am using the script below:

<script type="text/javascript">

    $(document).ready(function() {
        // Token from the hidden {% csrf_token %} input; not passed to initialize_table below.
        var crf_token = $('[name="csrfmiddlewaretoken"]').attr('value');
        AjaxDatatableViewUtils.initialize_table(
            $('#datatable-customer'),
            "{% url 'crm:ajax_datatable_customer' %}",
            {
                // extra_options (example)
                processing: false,
                autoWidth: false,
                full_row_select: false,
                scrollX: false
            }, {
                // extra_data
                // ...
            }
        );
    });

</script>
morlandi commented 3 years ago

mmmh this is puzzling, since the library does a couple of POSTs via Ajax, and in both cases the CSRF token is correctly sent:

file ajax_datatable/static/ajax_datatable/js/utils.js (line 341):

    $.ajax({
        type: 'POST',
        url: url,
        data: data,
        dataType: 'json',
        headers: {'X-CSRFToken': getCookie('csrftoken')}
    }).done(function(data, textStatus, jqXHR) {

file ajax_datatable/static/ajax_datatable/js/utils.js (line 398):

    $.ajax({
        type: 'POST',
        url: url,
        data: data,
        dataType: 'json',
        cache: false,
        crossDomain: false,
        headers: {'X-CSRFToken': getCookie('csrftoken')}
    }).done(function(data, textStatus, jqXHR) {

where:

    function getCookie(name) {
        var value = '; ' + document.cookie,
            parts = value.split('; ' + name + '=');
        if (parts.length == 2) return parts.pop().split(';').shift();
    }

so there is no need to supply it to AjaxDatatableViewUtils.initialize_table()

samerda75 commented 3 years ago

Thank you for your support

morlandi commented 3 years ago

You're welcome.

I just added an example showing how to add a column with a button; this should be done python-side rather than javascript-side:

https://github.com/morlandi/django-ajax-datatable#81adding-a-button-for-editing

I will close this issue; feel free to open a new one in case

shuki25 commented 3 years ago

It appears that it doesn't really work. I checked the request header and it is not showing 'X-CSRFToken' at all. It didn't work in both Safari and Firefox, so it's not the browser. The csrftoken cookie is set but the script is not passing that header for some reason. So I had to add csrfmiddlewaretoken in the extra_field to make it work.
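Both the mechanism morlandi describes above (the library reads the `csrftoken` cookie and copies it into the `X-CSRFToken` header) and the workaround shuki25 mentions (passing `csrfmiddlewaretoken` in the extra data) are shown together in the following added example. This is not code from django-ajax-datatable; the helper names (`parseCookies`, `resolveCsrfToken`, `csrfHeaders`, `csrfExtraData`, `csrfHeadersFromPage`) and the sample cookie strings are constructed for illustration. The cookie, header and field names are Django's defaults (`CSRF_COOKIE_NAME`, `CSRF_HEADER_NAME`). The point it adds is the failure mode: when `CSRF_COOKIE_HTTPONLY = True` the cookie is set by the server but invisible to `document.cookie`, and when `CSRF_USE_SESSIONS = True` there is no cookie at all, so the only client-side source is the hidden input rendered by `{% csrf_token %}`.

```javascript
// Added example, not code from django-ajax-datatable. Django's CsrfViewMiddleware
// accepts the token on a POST either as the X-CSRFToken header or as the
// "csrfmiddlewaretoken" POST field. The library takes it from the "csrftoken"
// cookie; this helper falls back to the hidden input when that cookie cannot be
// read from JavaScript (CSRF_COOKIE_HTTPONLY) or does not exist (CSRF_USE_SESSIONS).
// All function names below are assumptions for this example.

// Parse the "name=value; name2=value2" string that document.cookie exposes.
function parseCookies(cookieString) {
  const cookies = {};
  for (const part of (cookieString || '').split(';')) {
    const eq = part.indexOf('=');
    if (eq < 0) continue;                      // malformed fragment, skip it
    const name = part.slice(0, eq).trim();
    const value = part.slice(eq + 1).trim();
    if (name) cookies[name] = value;
  }
  return cookies;
}

// Exact-name lookup: "notcsrftoken=x" must not match "csrftoken".
function getCookie(name, cookieString) {
  const cookies = parseCookies(cookieString);
  return Object.prototype.hasOwnProperty.call(cookies, name) ? cookies[name] : undefined;
}

// Cookie first (what the library does), hidden input second.
function resolveCsrfToken({ cookieString, hiddenInputValue, cookieName = 'csrftoken' }) {
  return getCookie(cookieName, cookieString) || hiddenInputValue || undefined;
}

// `headers` object for $.ajax. When no token is available the header is
// omitted entirely, so the problem shows up in devtools as a missing header
// rather than as a bogus value.
function csrfHeaders(opts) {
  const token = resolveCsrfToken(opts);
  return token ? { 'X-CSRFToken': token } : {};
}

// `extra_data` for initialize_table(): the same token as a POST field, the
// other form the middleware accepts (shuki25's workaround).
function csrfExtraData(opts) {
  const token = resolveCsrfToken(opts);
  return token ? { csrfmiddlewaretoken: token } : {};
}

// Browser glue (not executed here): gather both sources from the live page.
function csrfHeadersFromPage() {
  const input = document.querySelector('input[name="csrfmiddlewaretoken"]');
  return csrfHeaders({
    cookieString: document.cookie,
    hiddenInputValue: input ? input.value : undefined,
  });
}

// Constructed sample inputs, as a browser would present document.cookie.
const SAMPLE_COOKIES = 'sessionid=s3ss10n; csrftoken=Abc123Token; theme=dark';
// With CSRF_COOKIE_HTTPONLY = True the csrftoken cookie is set but not exposed to JS.
const SAMPLE_HTTPONLY_COOKIES = 'sessionid=s3ss10n; theme=dark';
```

In a page, `csrfHeadersFromPage()` is what you would pass as the jQuery `headers` option, and `csrfExtraData({ cookieString: document.cookie, hiddenInputValue: ... })` as the `extra_data` argument of `initialize_table`; checking which of the two sources is empty on a given deployment is the first thing to do when the request arrives without `X-CSRFToken`.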

morlandi commented 3 years ago

@shuki25 I do believe it does. Could you please check on the demo site http://django-ajax-datatable-demo.brainstorm.it/tracks/ ?

[Screenshot 2021-05-19 at 09:42:53]
shuki25 commented 3 years ago

@morlandi I'm opening up a new issue; I figured out what went wrong and you might want to figure out an alternative method.